Git — Sourcephile - sourcephile-nix.git/blob - nixos/defaults.nix
nix: add module security.pass
# Baseline NixOS settings shared by the hosts of this repository.
# The comments below describe the target as a remote headless server.
{ pkgs, lib, config, ... }:
let
  inherit (lib) types;
  inherit (config.networking) hostName domain;
  # Fully qualified name used for the loopback host entries below.
  fqdn = "${hostName}.${domain}";
in
{
  imports = [
    ./modules.nix
    defaults/predictable-interface-names.nix
  ];

  options = { };

  config = {
    nix = {
      #binaryCaches = lib.mkForce [];
      extraOptions = ''
      '';

      # Use gc.automatic to keep disk space under control.
      gc.automatic = true;
      gc.dates = "weekly";
      gc.options = "--delete-older-than 30d";

      nixPath = [
        # WARNING: this is a hack to avoid copying Nixpkgs
        # a second time into the Nix store.
        # It only makes sense when Nixpkgs is already in the Nix store,
        # and is registered.
        "nixpkgs=${toString pkgs.path}:nixpkgs-overlays=${../nixpkgs}/overlays.nix"
      ];
    };

    nixpkgs.config = {
      # Unfree packages are refused, so only freely licensed
      # packages can be evaluated into the system.
      allowUnfree = false;
      /*
      packageOverrides = pkgs: {
        postfix = pkgs.postfix.override {
          withLDAP = true;
        };
      };
      */
    };
    nixpkgs.overlays = import ../nixpkgs/overlays.nix;

    # NOTE: useless on a server, and CPU intensive.
    documentation.nixos.enable = false;

    time.timeZone = "Europe/Paris";

    i18n.defaultLocale = "fr_FR.UTF-8";

    console = {
      font = "Lat2-Terminus16";
      keyMap = "fr";
    };

    # Always try to start all the units (default.target)
    # because systemd's emergency shell does not try to start sshd.
    # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_machine
    systemd.enableEmergencyMode = false;

    boot = {
      # This is a remote headless server: always reboot on a kernel panic,
      # to not have to physically go power cycle the apu2e4.
      # Which happens if the wrong ZFS password is used
      # but the boot is manually forced to continue.
      # Using kernelParams instead of kernel.sysctl
      # sets this up as soon as the initrd.
      kernelParams = [ "panic=10" ];

      # /tmp is wiped at boot and kept in memory rather than on disk.
      cleanTmpDir = true;
      tmpOnTmpfs = true;
    };

    networking = {
      # Fix hostname --fqdn
      # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
      hosts = {
        "127.0.1.1" = lib.mkForce [ fqdn hostName ];
        "::1" = lib.mkForce [ fqdn hostName "localhost" ];
      };
      search = [ domain ];
    };

    services = {
      openssh = {
        enable = true;
        # Password logins are refused.
        # NOTE(review): keyboard-interactive (challenge-response) authentication
        # is a separate sshd setting that is not set in this file; confirm its
        # effective value, otherwise PAM password prompts may still be reachable.
        passwordAuthentication = false;
        extraConfig = ''
        '';
      };

      # NOTE(review): a 50M journal keeps only a short history; if logs are not
      # forwarded elsewhere (not shown here), little is left for an investigation.
      journald.extraConfig = ''
        SystemMaxUse=50M
      '';
    };

    environment = {
      #checkConfigurationOptions = false;
      #etc.nixpkgs.source = (pkgs.runCommandLocal "pkgs.path" {propagatedBuildInputs=[pkgs.path]; buildInputs=[pkgs.path];} "mkdir $out");

      # Administration and diagnostic tools available to every user.
      systemPackages = with pkgs; [
        pkgs.path # WARNING: this is a hack to register the path to Nixpkgs. See nix.nixPath.
        binutils
        #dnsutils
        dstat
        gnupg
        htop
        inetutils
        iotop
        lsof
        mailutils
        multitail
        ncdu
        pv
        swaplist
        tcpdump
        tmux
        tree
        vim
        which
        linuxPackages.cpupower
      ];

      etc."inputrc".text = lib.readFile defaults/readline/inputrc;
    };

    programs = {
      bash = {
        # Run for every interactive bash session.
        # HISTCONTROL=ignorespace keeps space-prefixed commands out of the
        # history file, so the history is not a complete record of what was run.
        interactiveShellInit = ''
          bind '"\e[A":history-search-backward'
          bind '"\e[B":history-search-forward'

          # Ignore duplicate commands, ignore commands starting with a space
          export HISTCONTROL=erasedups:ignorespace
          export HISTSIZE=42000

          # Append to the history instead of overwriting (good for multiple connections)
          shopt -s histappend

          # Enable ** file pattern
          shopt -s globstar

          # Convenient mkdir wrapper
          mkcd() { mkdir -p "$1" && cd "$1"; }
        '';

        shellAliases = {
          cl = "clear";
          l = "ls -alh";
          ll = "ls -al";
          ls = "ls --color=tty";
          mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";

          s = "sudo systemctl";
          s-u = "systemctl --user";

          # nix-collect-garbage -d deletes old generations, so after
          # nixos-clean there is nothing left for nixos-rollback to return to.
          nixos-clean = "sudo nix-collect-garbage -d";
          nixos-history = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
          nixos-rollback = "sudo nixos-rebuild switch --rollback";
          nixos-update = "sudo nix-channel --update";
          nixos-upgrade = "sudo nixos-rebuild switch";
          nixos-upstream = "sudo nix-channel --list";
        };
      };

      gnupg.agent.pinentryFlavor = "curses";

      # NOTE(review): the NixOS mosh module is expected to open a UDP port
      # range in the firewall; confirm that exposure is intended on every host.
      mosh.enable = true;
      # NOTE(review): mtr is presumably installed through a privileged wrapper
      # so that unprivileged users can send probes; confirm this is wanted.
      mtr.enable = true;
    };
  };
}